Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2009-3026
Description:protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.
Test IDs: None available
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2009-3026
BugTraq ID: 36368
http://www.securityfocus.com/bid/36368
http://www.openwall.com/lists/oss-security/2009/08/24/2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11070
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5757
http://secunia.com/advisories/37071
XForce ISS Database: pidgin-libpurple-weak-security(53000)
https://exchange.xforce.ibmcloud.com/vulnerabilities/53000




© 1998-2024 E-Soft Inc. All rights reserved.